Wednesday, December 6, 2017

Web Secret 496: Computer security

Last month, CNET published an informative article, "How to give your parents the security talk this Thanksgiving," which I have decided to summarize (with occasional comments) for you, my readers.

I am doing this because my experience has been that most people - whether they are Boomers or Millennials - don't know Jack about computer security.

So even though the topic is borrrring, you should at least understand the following:

Phishing: This is when someone pretends to be somebody else in an attempt to steal your information, whether it's a credit card number, login password or any data that can be used in an attack. Phishing attacks often come in the form of email that contains a link taking you to a website designed to trick you. The easiest way to avoid getting phished is simply to not click on any links in emails. If an email coming from Netflix says your account is getting canceled, just go directly to Netflix's website to check it out -- don't do it from the link in the email.

3 tips to spot a phishing email:

Grammar: Bad grammar is a tell-tale sign of an online scam.

Check the source: The address the email came from is often a thinly veiled disguise (coming from instead of, for example).

Weird links: You can hover your mouse over links and pictures to see where they'll lead you. If an email claiming to be from Netflix is actually going to a suspicious website, that's a good sign it's a scam.

My comment: Phishers are becoming increasingly expert at sending emails that look authentic. Many of these emails report that something is being canceled. Automatically be wary of any such email.

Password managers: It's a pain to have to remember different passwords - but it's also a must. Fortunately, there are services out there that will keep all your passwords in one place.

With password managers, you just have to remember one password for the manager. You log into that service and the managers sync across your browsers and devices, bringing both security and convenience. Find out more here.

HTTPS and SSL: Every time you go on a website, you should check to see if there's a green lock icon next to the URL. That symbol shows you're on a page protected by HTTPS, which stands for Hypertext Transfer Protocol Secure.

The green lock tells you the website has Secure Sockets Layer (SSL) enabled, meaning there's a certificate to prove that the website is secure and that your sensitive information can't be stolen or spied on. Think of it as a virtual seal of approval that your secrets are safe.

Sometimes going on a nonsecure site can't be avoided (CNN's website, for example, is not HTTPS). You should be careful about entering sensitive information on public Wi-Fi if you have to go on non-HTTPS pages.

Ransomware: This is a type of virus that locks up your important files and sometimes your entire computer, unless you pay the ransom.

You should back up your files regularly in case you ever get hit with ransomware - my fav utility for this is Carbonite. CNET has an entire guide on whether you should pay the ransom. The short answer is don't.

Patching: Companies like Microsoft and Apple aren't sending frequent updates just to annoy you. Most of the time these updates come with patches to fix security flaws that were recently discovered. Suck it up and update your devices.

Two-factor authentication: It's an extra layer of security on top of your password.

It's around you everywhere you go already: swiping your debit card and then entering your PIN code, or writing a check and showing a driver's license with it. The factors are often a combination of something you know (a password, a PIN, answers to a question) with something you have (a thumbprint, a card, a phone).

The most common version of two-factor authentication is a code texted to your phone after you enter your password. Warning - this can be more complicated and annoying than it sounds.

Be safe. 
